Software

LINUX PICKS AND PANS

Clam or Klam? Either Way, It’s Easy Linux Protection

Have you run a virus scan lately? Nope? Don’t need to, you say. That’s because you run a Linux OS.

Think again. To quote the title line of Bob Dylan’s third studio album, “the times they are a-changin.'”

Yes they are. And part of that change is the greater risk of malware attacks to the Linux operating system. It used to be that Linux was so iron-clad safe security-wise that virus intrusions did not exist.

Used-to-be has now given way to possibly maybe. The rallying cry among security experts in the past was simply that using a Linux OS — or Mac OS X — gave your built-in security by obscurity.

Still, many operators of Linux-powered email servers for years ran Unix-based security software to insure that contact with the Windows environment didn’t unwittingly pass along any viruses. That same strategy makes sense if you run any of the dozens of flavors of the Linux desktop.

The ClamAV Antivirus Manager is a good safety precaution. It comes in versions for Gnome and KDE desktop environments.

With so much of our computing activities based on Web-based apps and cross-platform software such as browsers and word processors, this unobtrusive scanner application goes a step or two beyond the “security by obscurity” axiom.

The Landscape

The KlamAV Antivirus Manager and the ClamTK Virus Scanner are basically the same application, but the interface gives each its own look and feel.

The naming game is basically an alphabet soup of environments. The KlamAV entity pairs up with the KDE environment.

The ClamTK Virus Scanner is a GUI or Graphical User Interface front-end for the ClamAV antivirus using gtk2-perl.

In most Linux distros, you can get either version from the package management system. This makes installation foolproof and uncomplicated.

Other Options?

Well, yea. You can find a few other anti-virus apps for various Linux distros. But they are mostly distributed as binary files and are available outside package management repositories for various Linux distros.

For instance, I used to run AVG for Linux. But I lost interest in fighting to get the virus updates to connect.

I also use to use F-Prot when I ran earlier versions of Puppy Linux on a few of my older computers. I fell out of favor with it when I upgraded to the Lucid Lynx version of Ubuntu on my newer hardware. Installing it outside the repository was too much of a hassle.

I still like the Linux version of Avast antivirus software. It is a bit easier to install than other n on-repository packages. Avast is available in three versions. One is for RPM package managers commonly used by Red Hat Linux and its derivatives. The second is a .deb package, which is compatible with Ubuntu other Debian-based distros. The third version is more generic. It comes as a tarball or TAR.GZ compressed package.

Klaming Around

KlamAV brings the same protection to the KDE desktop as ClamAV brings to the Gnome world. Like its counterpart, it includes on-access scanning and manual scanning.

KlamAV also has quarantine management and easy updates downloading. You can also use it for automatic email scanning if you use Kmail or Evolution.

Clamming About

Easy-to-install packages for non-KDE environments are available directly from repositories used for Linux distributions based on Fedora, CentOS, Debian and Ubuntu versions. It is also available as a tarball.

The latest version of the ClamTK Virus Scanner, version 4.28, was released in August. It also plays nicely with the XFCE desktop. The Thunar file manager normally has no right-click send-to ClamTK functionality, but the developer made a work-around to fix this. You can get it here.

The ClamTK GUI

The interface is clean and simple. It shows Scan, View, Quarantine, Advanced and Help drop-down menu options.

The Actions windows has buttons for Home, File Directory and Exit. These are actually shortcuts that let you bypass the full scan menu.

The bottom of the app window shows pertinent details about the age of the virus definitions, the last virus scan date, and the last infected file date.

Using ClamTK

Go to the Scan menu to select the type of scan you want to run. The choices are file, directory, recursive, a home directory quick scan or a home directory recursive scan. Predefined hot key combinations for each action are available to bypass having to use the drop down menu.

ClamTK

ClamTK

Under the Advanced menu you can set the scan options. The recommended choice is Home rather than the entire computer.

You can also set the time of the scans and add additional directories such as a whitelisted location. You can also set the time for your system to update virus signatures.

The Klam Face

The user interface for the KlamAV Antivirus Manager is a bit more extensive. Its tool bar row shows tabs for Scan, Update, Quarantine, Virus Browser and Events.

The Scan tab shows a tree structure of the entire file system. A list of action commands tells the scanner engine what to do when a virus is found. Clicking the check box activates the selected options. Buttons within the tabbed page provide access to scanning schedules and other options.

KlamAV

KlamAV

Each of the tabbed pages has a similar set up. The options and control over when and what the scanning engine does seem more detailed than the TK version.

Info Central

On several of the Klam tabs you can select links to the Klam Web site. The choices include latest news, the application home page and security notes.

One very handy feature in this version is the Virus Browser. This lets you get details about whatever viruses it detects. This ties in with viruses listed as quarantined on your system.

Another key feature that keeps you in the know is the Events page. You can search for varies types of events found during system scans. Several filtering controls let you pinpoint the type of event and the time and the location.

2 Comments

  • If the average Linux user uses a well known Linux Distro (such as Debian) and they use the package manager as they should then there is no need for anti-virus software. The repose of these distros are well maintained and checked. The chances of getting malicious software through them are slim to none. If an anti-virus program is able to find the virus then it should be found before it reaches stable release.

    If the user is downloading software from insecure websites or as email attachments, all the anti-virus in the world isn’t going to help. This is clear if you take a moment to look at the windows world and how anti-virus has failed completely.

    We need to educate users. Teach them how package mangers work and the importances of using them.

    Only time you should be download software from a web site is if you are an advanced user and you know what you are doing.

    The last thing Linux needs is anti-virus software that is going to slow our computers down, give us false negatives and a false sense of security.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Software

LinuxInsider Channels